CASB’s Next Frontier: Custom Apps + IaaS

Cloud represents the future of IT, as organizations across industries jettison their data centers. The widespread move has resulted in an estimated $200B market for public cloud services in 2016. Yet even within the young cloud market, an emerging category is building unprecedented momentum. According to Gartner, Infrastructure as a service (IaaS) grew an estimated 42.8% the past year, nearly double the growth rate of SaaS. Computing workloads are moving to cloud solutions like Amazon Web Services, Microsoft Azure, and Google Cloud Platform as companies pursue benefits in scalability, cost, and even security.

I’m thrilled to announce Skyhigh will pioneer this next phase of the cloud security market with Skyhigh for Custom Apps and Skyhigh for Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The new products make Skyhigh the only cloud access security broker (CASB) to provide a comprehensive security solution for both SaaS and IaaS. And, with these new solutions, Skyhigh offers the only end-to-end IaaS security solution that delivers security and compliance for both custom apps and IaaS platforms they are running in.

“Skyhigh’s expansion of its security controls beyond SaaS is a key way IT can empower the business to fully leverage custom applications running in public IaaS, as well as having the confidence in protecting the IaaS platforms themselves.”

David Smoley, CIO AstraZeneca

Learn about Skyhigh for IaaS in 2 Minutes

Why is this so important? Companies have dozens and even hundreds of custom-built applications they use every day serving employees, external partners, and customers. Many of these applications serve critical functions for the organization. Moving these applications to the cloud can benefit companies’ bottom line, reduce time-to-market, and help them stay competitive in their respective industries.

But, as critical enterprise applications move to public IaaS platforms, companies face a new wilderness of security challenges. Here are a few of the examples of security and compliance challenges we heard from organizations:

Employees post customer credit card numbers in unencrypted “notes” field of an internal customer service application, violating PCI compliance. The enterprise’s requirement was to enforce DLP on comments field and capture a detailed audit trail for investigation in the event of a violation.

Highly valuable intellectual property was stored in S3 bucket that was publicly accessible, in violation of internal policies. The enterprise’s requirement was continuous audit of security configuration of their AWS environment and enforcing DLP on data stored in S3 buckets.

Security incidents occurred in a custom loan origination application running in an IaaS Platform and the security team had no way to investigate. The enterprise’s use case was activity monitoring of each user’s actions, and leveraging user behavior analytics to identify insider threats, and privileged user monitoring.

With the advent of Skyhigh for Custom Apps and Skyhigh for Amazon Web Services, Microsoft Azure, and Google Cloud Platform, Security teams can now extend the required controls to custom built applications and the IaaS platforms they are running in, accelerating the adoption of IaaS across their enterprises, while meeting security and compliance requirements.

Skyhigh for Custom Applications enables enterprises to extend the same CASB capabilities used to secure SaaS – such as DLP, activity monitoring, threat protection, access control, and encryption – to their custom-built applications running in any IaaS platform. Best of all, policies are enforced without requiring any development effort. Specifically, Skyhigh for Custom Applications:

Provides IT security teams visibility into the user activity capturing a complete audit trail for compliance and investigations.

Skyhigh for Amazon Web Services, Microsoft Azure, and Google Cloud Platform are comprehensive monitoring, auditing, and remediation solutions for enterprises looking to secure all of their IaaS accounts, or just those hosting a specific custom application. Skyhigh analyzes the configuration and use of IaaS accounts, identifies security and compliance gaps, and recommends specific actions to reduce risk. Specifically, Skyhigh for Amazon Web Services, Microsoft Azure, and Google Cloud Platform:

Capture a complete audit trail of all administrator actions in the IaaS platform and actively detect insider threats and compromised accounts.

Audit the IaaS platforms’ security settings to identify misconfigurations and make recommendations per company’s policies, such as requiring multi-factor authentication for users and eliminating publicly accessible storage buckets.

Identify inactive accounts that should be deleted to reduce the attack surface.